Understanding PCI DSS Compliance
The Payment Card Industry (PCI) Data Security Standard (DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to assist payment card industry organizations that process card payments, and to prevent credit card fraud through increased monitoring of data and its overall exposure to compromise. It applies to every organization that holds, processes, or exchanges cardholder information from any card branded with the logo of one of the card brands. This standard is a reality and it can impact your business in a major way.
PCI DSS and You
The PCI DSS security standards and measures were put in place by the card-issuing associations to protect cardholder information and to help prevent security issues such as credit card fraud, hacking, and many other serious problems that can arise. The PCI standards primarily focus on the encryption, storage, and transfer of this sensitive data while it is in a merchant’s possession. If your business experiences a breach of cardholder data while not compliant with these standards, you may be fined by the associations up to $500,000 for the initial investigation, as well as a fee per record that is compromised. The damage to your business’s reputation due to loss of consumer confidence cannot be assessed, but it will be great. Let’s face it: you don’t want to risk that kind of damage and destruction to your reputable business.
PCI Compliance: It’s not just for larger merchants
All merchants, regardless of size, must comply with the PCI DSS. Depending on the type of business and how many transactions are processed, Level 1-3 merchants (annual Point Of Sale (POS) transactions over 1 million) may have some additional requirements, but Level 4 merchants (annual POS transactions under 1 million) are actually the most targeted by hackers and thieves. Additionally, recent data shows that 80% of payment card compromises since 2005 affected Level 4 merchants. The penalties and fines, which depend on the amount of information that is compromised, are excessive and have put some merchants completely out of business.
Founded in 1994, SystemExperts is a premier boutique provider of IT compliance and cyber security consulting services. We help clients see the big picture and design solutions to meet their comprehensive security needs. We are dedicated to providing unmatched personal attention, distilling problems to their root causes and recommending what’s appropriate for our clients. We have built our reputation on providing practical, effective IT security solutions for securing enterprise computing infrastructures.